This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

QUEEN OF THE VALLEY MEDICAL CENTER

1000 TRANCAS ST, NAPA, CA 94558

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 2, 2012. Also cited in 17 other reports.


Report ID: 4RTM11.01, California Department of Public Health

Reported Entity: QUEEN OF THE VALLEY MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to prevent unauthorized access and disclosure of three patients' (Patient 2, Patient 4 and Patient 6) medical information when: A) Patient 2's and Patient 4's medical information were faxed to different private individuals, and B) Patient 6's medical information was e-mailed to the wrong hospital. These failures allowed the unlawful or unauthorized access to three patients' medical information.

Findings:

#1 CA00302044

The California Department of Public Health was notified on 3/6/12 that a breach of protected health information occurred on 3/2/12.

During an interview on 11/6/12 at 1 p.m., Administrative Staff A stated that on 3/2/12 Unlicensed Staff H had faxed results of Patient 2's ultrasound X-ray of carotid arteries, to the wrong person, Person 3 instead of Physician F. During an interview on 11/6/12 at 1 p.m., Administrative Staff A also stated that due to human error, Unlicensed Staff H misdialed the fax number for Physician F and the fax was sent to Person 3. During an interview on 11/6/12 at 1 p.m., Administrative Staff A further stated that the fax was sent at the request of Physician G and that Person 3 called the facility to notify them of the error.

#2 CA00320485

The California Department of Public Health was notified on 8/6/12 that a breach of protected health information occurred on 7/30/12.

During an interview on 11/5/12 at 2 p.m., Administrative Staff A stated that, on 7/30/12, Unlicensed Staff J faxed a request for diabetic self management and education services for Patient 4, to the wrong person, Person 5 instead of Physician I and that the fax included: Patient 4's name, date of birth, phone number, and insurance carrier name. During an interview on 11/5/12 at 2 p.m., Administrative Staff A also stated that due to human error Unlicensed Staff J misdialed the fax number for Physician I and that Person 5 called the facility, on 7/31/12, to notify them of the error.

#3 CA00321295

The California Department of Public Health was notified on 8/13/12 that a breach of protected health information occurred on 8/7/12.

During an interview on 11/5/12 at 3 p.m., Administrative Staff A stated that on 8/7/12 Physician K had e-mailed medical information for Patient 6 to Hospital L instead of Hospital M and that the e-mail included: Patient 6's name, hospital tracking number, admission date, insurance carrier name, attending physician and history/physical.

Administrative Staff A further stated that due to human error, Physician K accidentally selected Hospital L from the drop down list on his computer instead of Hospital M, that Hospital L had called the facility and notified them of the error, and that the protected health information had been shredded.

A review of the facility pamphlet, given to all patients, for, "NOTICE OF PRIVACY PRACTICE" (no date) reveals the following: "We understand that medical information about you is personal. We are committed to protecting the privacy of medical information about you. In an effort to provide the highest quality medical care and to comply with certain legal requirements, we will and are required to: Keep your medical information private...Follow the terms of this notice".

A review of the facility signage posted throughout the facility for, "IMPORTANT INFORMATION ABOUT PATIENT RIGHTS AND SERVICES WE PROVIDE" (no date) reveals the following: "19-Patient Rights: You have the right to...confidential treatment of all communications and records pertaining to your care and stay in this facility...24-Privacy of Health Information - Notice of Privacy Practice:... Who this notice applies to: ...All departments and units of this facility... All employees, staff and other personnel of this facility".

A review of the facility Policy and Procedure for, "PROTECTED HEALTH INFORMATION, USE AND DISCLOSURE: DISCLOSURE BY FAX" (6/1/10) reveals the following: "1.0 PURPOSE To describe the requirements when sending or receiving protected health information (PHI) by facsimile (fax)...3.0 POLICY The facility system is permitted to share PHI for treatments purposes without patient authorization, as long as reasonable safeguards are used. These treatment communications may occur by fax. The facility system is required to apply reasonable safeguards when making these communications to protect information from inappropriate use or disclosure".

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280
